conflict fixed

agent/kubviz/kubePreUpgrade.go

@@ -83,25 +83,27 @@ func publishK8sDepricated_Deleted_Api(result *model.Result, js nats.JetStreamCon
 
 func KubePreUpgradeDetector(config *rest.Config, js nats.JetStreamContext) error {
 
-	ctx:=context.Background()
+	ctx := context.Background()
 	tracer := otel.Tracer("kubepreupgrade")
 	_, span := tracer.Start(opentelemetry.BuildContext(ctx), "KubePreUpgradeDetector")
 	span.SetAttributes(attribute.String("kubepug-plugin", "kubepug-output"))
 	defer span.End()
-
-	swaggerdir, err := os.MkdirTemp("", "kubepug")
+
+	pvcMountPath := "/mnt/agent/kbz"
+	uniqueDir := fmt.Sprintf("%s/kubepug", pvcMountPath)
+	err := os.MkdirAll(uniqueDir, 0755)
+
 	if err != nil {
 		return err
 	}
-	filename := fmt.Sprintf("%s/swagger-%s.json", swaggerdir, k8sVersion)
+	filename := fmt.Sprintf("%s/swagger-%s.json", uniqueDir, k8sVersion)
 	url := fmt.Sprintf("%s/%s/%s", baseURL, k8sVersion, fileURL)
 	err = downloadFile(filename, url)
 	if err != nil {
 		return err
 	}
-	defer os.RemoveAll(swaggerdir)
-	swaggerfile := filename
-	kubernetesAPIs, err := PopulateKubeAPIMap(swaggerfile)
+	defer os.RemoveAll(filename)
+	kubernetesAPIs, err := PopulateKubeAPIMap(filename)
 	if err != nil {
 		return err
 	}

agent/kubviz/trivy.go

@@ -4,7 +4,9 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"fmt"
 	"log"
+	"os"
 	exec "os/exec"
 	"strings"
 
@@ -20,7 +22,7 @@ import (
 
 func executeCommandTrivy(command string) ([]byte, error) {
 
-	ctx:=context.Background()
+	ctx := context.Background()
 	tracer := otel.Tracer("trivy-cluster")
 	_, span := tracer.Start(opentelemetry.BuildContext(ctx), "executeCommandTrivy")
 	span.SetAttributes(attribute.String("trivy-k8s", "command-running"))
@@ -40,16 +42,24 @@ func executeCommandTrivy(command string) ([]byte, error) {
 	return outc.Bytes(), err
 }
 func RunTrivyK8sClusterScan(js nats.JetStreamContext) error {
-
+	
 	var report report.ConsolidatedReport
 
-	ctx:=context.Background()
+	ctx := context.Background()
 	tracer := otel.Tracer("trivy-cluster")
 	_, span := tracer.Start(opentelemetry.BuildContext(ctx), "RunTrivyK8sClusterScan")
 	span.SetAttributes(attribute.String("cluster-name", report.ClusterName))
 	defer span.End()
 
-	cmdString := "trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir /tmp/.cache --debug"
+	pvcMountPath := "/mnt/agent/kbz"
+	trivyCacheDir := fmt.Sprintf("%s/trivy-cache", pvcMountPath)
+	err := os.MkdirAll(trivyCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy cache directory: %v\n", err)
+		return err
+	}
+	cmdString := fmt.Sprintf("trivy k8s --report summary cluster --exclude-nodes kubernetes.io/arch:amd64 --timeout 60m -f json --cache-dir %s --debug", trivyCacheDir)
+
 	clearCacheCmd := "trivy k8s --clear-cache"
 	out, err := executeCommandTrivy(cmdString)
 	if err != nil {

agent/kubviz/trivy_image.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"log"
 	"os"
 	"strings"
@@ -19,6 +20,13 @@ import (
 )
 
 func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
+	pvcMountPath := "/mnt/agent/kbz"
+	trivyImageCacheDir := fmt.Sprintf("%s/trivy-imagecache", pvcMountPath)
+	err := os.MkdirAll(trivyImageCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy Image cache directory: %v\n", err)
+		return err
+	}
 	clearCacheCmd := "trivy image --clear-cache"
 
 	ctx:=context.Background()
@@ -35,7 +43,8 @@ func RunTrivyImageScans(config *rest.Config, js nats.JetStreamContext) error {
 
 	for _, image := range images {
 		var report types.Report
-		out, err := executeCommand("trivy image " + image.PullableImage + " --timeout 60m -f json -q --cache-dir /tmp/.cache")
+		scanCmd := fmt.Sprintf("trivy image %s --timeout 60m -f json -q --cache-dir %s", image.PullableImage, trivyImageCacheDir)
+		out, err := executeCommand(scanCmd)
 		if err != nil {
 			log.Printf("Error scanning image %s: %v", image.PullableImage, err)
 			continue // Move on to the next image in case of an error
@@ -84,12 +93,3 @@ func publishImageScanReports(report types.Report, js nats.JetStreamContext) erro
 	log.Printf("Trivy image report with ID:%s has been published\n", metrics.ID)
 	return nil
 }
-
-func cleanupCache(cacheDir string) {
-	err := os.RemoveAll(cacheDir)
-	if err != nil {
-		log.Printf("Failed to clean up cache directory %s: %v", cacheDir, err)
-	} else {
-		log.Printf("Cache directory %s cleaned up successfully", cacheDir)
-	}
-}

agent/kubviz/trivy_sbom.go

@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"os"
 	"os/exec"
 
 	"github.com/aquasecurity/trivy/pkg/sbom/cyclonedx"
@@ -57,6 +58,13 @@ func executeCommandSbom(command string) ([]byte, error) {
 }
 
 func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
+	pvcMountPath := "/mnt/agent/kbz"
+	trivySbomCacheDir := fmt.Sprintf("%s/trivy-sbomcache", pvcMountPath)
+	err := os.MkdirAll(trivySbomCacheDir, 0755)
+	if err != nil {
+		log.Printf("Error creating Trivy cache directory: %v\n", err)
+		return err
+	}
 	clearCacheCmd := "trivy image --clear-cache"
 
 	log.Println("trivy sbom run started")
@@ -74,8 +82,8 @@ func RunTrivySbomScan(config *rest.Config, js nats.JetStreamContext) error {
 	}
 	for _, image := range images {
 
-		command := fmt.Sprintf("trivy image --format cyclonedx %s %s", image.PullableImage, "--cache-dir /tmp/.cache")
-		out, err := executeCommandSbom(command)
+		sbomcmd := fmt.Sprintf("trivy image --format cyclonedx %s --cache-dir %s", image.PullableImage, trivySbomCacheDir)
+		out, err := executeCommandSbom(sbomcmd)
 
 		if err != nil {
 			log.Printf("Error executing Trivy for image sbom %s: %v", image.PullableImage, err)

charts/agent/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.7
+version: 1.1.8
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/agent/templates/deployment.yaml

@@ -75,8 +75,24 @@ spec:
             value: "{{ .Values.schedule.kubepreupgradeInterval }}"
           - name: TRIVY_INTERVAL
             value: "{{ .Values.schedule.trivyInterval }}"
+          {{- if .Values.persistence.enabled }}  
+          volumeMounts:
+          - name: data
+            mountPath: {{ .Values.persistence.mountPath }}
+          {{- end }}
           resources:
-            {{- toYaml .Values.resources | nindent 12 }}
+            limits:
+              cpu: {{ .Values.resources.limits.cpu }}
+              memory: {{ .Values.resources.limits.memory }}
+              {{- if not .Values.persistence.enabled }}
+              ephemeral-storage: {{ .Values.resources.limits.ephemeralstorage }}
+              {{- end }}
+            requests:
+              cpu: {{ .Values.resources.requests.cpu }}
+              memory: {{ .Values.resources.requests.memory }}
+              {{- if not .Values.persistence.enabled }}
+              ephemeral-storage: {{ .Values.resources.requests.ephemeralstorage }}
+              {{- end }}
 {{- if .Values.git_bridge.enabled }}
         - name: git-bridge
           image: "{{ .Values.git_bridge.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -99,8 +115,24 @@ spec:
             {{- end }}
           - name: NATS_ADDRESS
             value: {{ .Values.nats.host }}
+          {{- if .Values.git_bridge.persistence.enabled }}  
+          volumeMounts:
+          - name: data
+            mountPath: {{ .Values.git_bridge.persistence.mountPath }}
+          {{- end }}
           resources:
-            {{- toYaml .Values.git_bridge.resources | nindent 12 }}
+            limits:
+              cpu: {{ .Values.git_bridge.resources.limits.cpu }}
+              memory: {{ .Values.git_bridge.resources.limits.memory }}
+              {{- if not .Values.git_bridge.persistence.enabled }}
+              ephemeral-storage: {{ .Values.git_bridge.resources.limits.ephemeralstorage }}
+              {{- end }}
+            requests:
+              cpu: {{ .Values.git_bridge.resources.requests.cpu }}
+              memory: {{ .Values.git_bridge.resources.requests.memory }}
+              {{- if not .Values.git_bridge.persistence.enabled }}
+              ephemeral-storage: {{ .Values.git_bridge.resources.requests.ephemeralstorage }}
+              {{- end }}
 {{- end }}
 {{- if .Values.container_bridge.enabled }}
         - name: container-bridge
@@ -124,9 +156,31 @@ spec:
             {{- end }}
           - name: NATS_ADDRESS
             value: {{ .Values.nats.host }}
+          {{- if .Values.container_bridge.persistence.enabled }}  
+          volumeMounts:
+          - name: data
+            mountPath: {{ .Values.container_bridge.persistence.mountPath }}
+          {{- end }}
           resources:
-            {{- toYaml .Values.container_bridge.resources | nindent 12 }}
+            limits:
+              cpu: {{ .Values.container_bridge.resources.limits.cpu }}
+              memory: {{ .Values.container_bridge.resources.limits.memory }}
+              {{- if not .Values.container_bridge.persistence.enabled }}
+              ephemeral-storage: {{ .Values.container_bridge.resources.limits.ephemeralstorage }}
+              {{- end }}
+            requests:
+              cpu: {{ .Values.container_bridge.resources.requests.cpu }}
+              memory: {{ .Values.container_bridge.resources.requests.memory }}
+              {{- if not .Values.container_bridge.persistence.enabled }}
+              ephemeral-storage: {{ .Values.container_bridge.resources.requests.ephemeralstorage }}
+              {{- end }}
 {{- end }}
+      {{- if .Values.persistence.enabled }}
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: {{ include "agent.fullname" . }}-data
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/agent/templates/pvc.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "agent.fullname" . }}-data
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  storageClassName: {{ .Values.persistence.storageClass | default "" }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- end }}

charts/agent/values.yaml

@@ -52,10 +52,18 @@ git_bridge:
     limits:
       cpu: 200m
       memory: 256Mi
-      ephemeral-storage: 100Mi
+      ephemeralstorage: 100Mi
     requests:
       cpu: 200m
       memory: 256Mi
+      ephemeralstorage: 100Mi
+  persistence:
+    enabled: true
+    existingClaim: ""
+    storageClass: ""
+    mountPath: /mnt/agent/gb
+    accessMode: ReadWriteOnce
+    size: 5Gi
   ingress:
     enabled: true
     annotations:
@@ -87,10 +95,18 @@ container_bridge:
     limits:
       cpu: 200m
       memory: 256Mi
-      ephemeral-storage: 100Mi
+      ephemeralstorage: 100Mi
     requests:
       cpu: 200m
       memory: 256Mi
+      ephemeralstorage: 100Mi
+  persistence:
+    enabled: true
+    existingClaim: ""
+    storageClass: ""
+    mountPath: /mnt/agent/cb
+    accessMode: ReadWriteOnce
+    size: 5Gi
   ingress:
     enabled: true
     annotations:
@@ -127,10 +143,19 @@ resources:
   limits:
     cpu: 2
     memory: 2Gi
-    ephemeral-storage: 1Gi
+    ephemeralstorage: 1Gi
   requests:
     cpu: 200m
     memory: 256Mi
+    ephemeralstorage: 256Mi
+
+persistence:
+  enabled: true
+  existingClaim: ""
+  storageClass: ""
+  mountPath: /mnt/agent/kbz
+  accessMode: ReadWriteOnce
+  size: 5Gi
 
 autoscaling:
   enabled: false